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Appeal 2009-010900 
Application 10/692,127 
Technology Center 2400 



Before JOSEPH L. DIXON, JOHN A. JEFFERY, and 
DEBRA K. STEPHENS, Administrative Patent Judges. 

JEFFERY, Administrative Patent Judge. 

DECISION ON APPEAL 
Appellants appeal under 35 U.S.C. § 134(a) from the Examiner's 
rejection of claims 1-24. We have jurisdiction under 35 U.S.C. § 6(b). We 
reverse. 

STATEMENT OF THE CASE 
Appellants' invention improves data security by controlling 
transferring data from a data processing system to a network. See generally 
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Spec, f 0009. Claim 1 is illustrative with key disputed limitations 
emphasized: 

1 . A method in a data processing system for 
controlling the transfer of data from the data processing system 
to a network, said method comprising the steps of: 

creating a file list of one or more data files to be 
controlled; 



creating a process list for each data file in the file list, 
wherein each process list identifies one or more processes 
executing in the data processing system that has accessed the 
data file associated with the created process list; 

receiving a request from a requesting process executing 
in the data processing system to transfer data from the data 
processing system to the network; 

determining if the requesting process is identified in one 
or more created process lists; and 

if the requesting process is identified in a created process 
list, prohibiting the requested transfer of data from the data 
processing system to the network. 

The Examiner relies on the following as evidence of unpatentability: 

Oe US 2002/0099837 A 1 July 25, 2002 

Yamaguchi US 2004/0064572 A 1 Apr. 1 , 2004 

(filed Sept. 25, 2003) 
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The Rejections 

1. The Examiner rejected claims 1-4, 9-12, and 17-20 under 35 U.S.C. 
§ 102(b) as anticipated by Oe. Ans. 3-5. 1 

2. The Examiner rejected claims 5-8, 13-16, and 21-24 under 35 U.S.C. 
§ 103(a) as unpatentable over Oe and Yamaguchi. Ans. 5-7. 

The Anticipation Rejection 

Regarding independent claim 1, the Examiner finds that Oe discloses 
a method for controlling transferring data from a data processing system to a 
network with every recited feature including (1) creating a "file list" which 
the Examiner equates to Oe's access right management table; (2) creating a 
"process list" for each listed data file which is said to correspond to Oe's list 
of conditions within the access right management table; and (3) prohibiting a 
requested data transfer from the data processing system to a network if the 
requesting process is identified in the process list. Ans. 3-7, 8-9. 

Appellants argue that Oe does not prohibit an identified requesting 
process in the process list from transferring data to a network as claimed, 
where the process previously accessed a data file associated with the list. 
App. Br. 4-7; Reply Br. 2-3. The issue before us, then, is as follows: 



1 Throughout this opinion, we refer to (1) the Appeal Brief filed August 4, 
2008; (2) the Examiner's Answer mailed November 24, 2008; and (3) the 
Reply Brief filed January 26, 2009. 
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ISSUE 

Under § 102, has the Examiner erred in rejecting claim 1 by finding 
that Oe creates a process list for each data file in a file list, where the process 
list identifies one or more processes executing in the data processing system 
that accessed the data file associated with the process list? 

FINDINGS OF FACT (FF) 

1 . Oe controls access to computer resource(s) managed by an 
operating system (OS), such as a file, network, storage device, display 
screen, or external device by (1) trapping an operation request from a 
process before accessing the resource; (2) determining if an access right for 
the resource is present; and, if not, (3) denying the operation request. Oe, ff 
0009-13; 0351-52. 

2. Oe shows various hardware configurations in Figures 1A and IB 
embodying the disclosed system. Figure 1A shows a standalone computer 
101 including a personal computer 1012 in which is installed an OS and 
resource management program. Figure IB, however, shows multiple 
computers having similar configurations that are connected via network 102. 
Oe,ff 0213-16; Figs. 1A-1B. 

3. Resource management program 203 includes an access control 
module 2033 with access right management table 2035. This table registers 
(1) resource designation information 20351 (e.g., file name/ID); (2) 
condition information 20352 under which the access right is validated (e.g., 
user name/ID, group name/ID, time, etc.); and (3) access right information 
20353-2035n for each resource. Oe, fl 0015, 0218-25; Figs. 2-3. 



4 



Appeal 2009-010900 
Application 10/692,127 

4. The access right management table's access right information can 
include the right to (1) move or copy a file to another medium; (2) write to 
shared memory; and (3) run specific processes. This information can also 
include usage inhibition of an application except a specific application or 
inhibition of attachment to mail. Oe, fR 0018, 0225; Fig. 3. 

ANALYSIS 

Based on the record before us, we find error in the Examiner's 
anticipation rejection of independent claim 1 which recites, in pertinent part, 
a process list for each data file in a file list, where the process list identifies 
one or more processes executing in the data processing system that has 
accessed the data file associated with the process list. 

We emphasize this file access condition, for as Appellants indicate 
(Reply Br. 2), its past tense ("has accessed") requires that the one or more 
identified processes previously accessed the associated data file. This 
requirement is critical, for the Examiner has not shown that Oe's "process 
list" (which the Examiner equates to the list of conditions in Oe's access 
right management table (Ans. 8)) identifies at least one process that has 
previously accessed an associated data file — a crucial deficiency on this 
record. 

We reach this conclusion leaving aside the fact that the condition 
column of Oe's access right management table referred to by the Examiner 
merely indicates the particular conditions for validating access rights (e.g., 
user name/ID, group name/ID, time, etc.), and it is actually the access right 
information columns that list particular processes associated with files listed 
in the first column (i.e., "resource designation information"), namely moving 
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or copying files to other media, writing to memory, etc. See FF 3-4. But 
whatever column of this table is mapped to the recited "process list," we still 
fail to see how one or more of these processes necessarily previously 
accessed an associated data file as claimed. 

Although we agree with the Examiner (Ans. 8) that Oe reasonably 
teaches controlling transferring data to a network in view of Oe's repeated 
references to controlling access to network-based resources and associated 
network-based implementations as shown in Figure IB {see FF 1-2), the 
Examiner nonetheless fails to show that any of the identified processes 
necessarily previously accessed an associated data file as claimed. 

We are therefore persuaded that the Examiner erred in rejecting (1) 
independent claim 1; (2) independent claims 9 and 17 which recite 
commensurate limitations; and (3) dependent claims 2-4, 10-12, and 18-20 
for similar reasons. 

The Obviousness Rejection 
Since the Examiner has not shown that Yamaguchi cures Oe's 
deficiencies noted above regarding the independent claims, we reverse the 
obviousness rejection of dependent claims 5-8, 13-16, and 21-24 (Ans. 5-7) 
for similar reasons. 

CONCLUSION 

The Examiner erred in rejecting (1) claims claims 1-4, 9-12, and 
17-20 under § 102, and (2) claims 5-8, 13-16, and 21-24 under § 103. 
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ORDER 

The Examiner's decision rejecting claims 1-24 is reversed. 
REVERSED 



Pgc 



